Hello from Gregg C Levine
I should. However, my problem is that I can't find an easy to understand explanation for setting up IPTABLES. I can provide one clew. So far, that worm is not causing any more attacks. It's as if it had stopped. For that explanation can you point to one?
-------------------
Gregg C Levine [EMAIL PROTECTED]
------------------------------------------------------------
"The Force will be with you...Always." Obi-Wan Kenobi
"Use the Force, Luke." Obi-Wan Kenobi

> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of McKown, John
> Sent: Tuesday, April 12, 2005 5:35 PM
> To: [email protected]
> Subject: Re: [LINUX-390] SSH based attacks
>
> > -----Original Message-----
> > From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Gregg C Levine
> > Sent: Tuesday, April 12, 2005 4:04 PM
> > To: [email protected]
> > Subject: SSH based attacks
> >
> >
> > Hello from Gregg C Levine
> > Of the systems that run Linux, how many of you have them directly
> > accessible to the Internet?
> >
> > As all of you know, I run Slackware Linux here, for Intel, practically
> > every day the system is on, I see people attempting to access the
> > system via SSH from unknown, to it, IP addresses.
> >
> > Are any of you seeing these happen? And what are you doing to prevent
> > such access?
>
> Hum, if SSH is restricted to specific hosts, I'd just use "iptables" to
> "drop the packets on the ground" from any other IP addresses. That's
> what I do at home. Also, I don't respond to "pings" from outside.
> Another thing to consider is to set up a single system which allows SSH
> from outside. All the others "stand mute". If somebody needs to ssh to a
> different server, they ssh to the internet SSH server, then ssh from
> there to the actual server they need. And never let root ssh in. If
> somebody needs root (why?), then ssh to a normal user and "su" (or sudo)
> to do root work.
>
> I'll bet you already do that. I just thought I'd say it "just in case".
>
>
> --
> John McKown
> Senior Systems Programmer
> UICI Insurance Center
> Information Technology
>
> This message (including any attachments) contains confidential
> information intended for a specific individual and purpose, and its
> content is protected by law.
> If you are not the intended recipient, you
> should delete this message and are hereby notified that any disclosure,
> copying, or distribution of this transmission, or taking any action
> based on it, is strictly prohibited.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
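
The allow-list approach described in the quoted reply (accept SSH only from specific hosts, drop everything else, do not answer pings), as an added example that is not part of either message: a shell function that prints an `iptables-restore` ruleset. The function name `ssh_allowlist_rules` and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# accepts new SSH connections only from allow-listed IPv4 sources.
# ssh_allowlist_rules is a hypothetical helper name.

ssh_allowlist_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: ssh_allowlist_rules ADDR[/PREFIX]..." >&2
        return 2
    fi
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    # Validate every argument before printing anything, so a bad value
    # (including one with embedded newlines) never reaches the ruleset.
    for src in "$@"; do
        case $src in
            ''|*[!0-9./]*) echo "rejected: $src" >&2; return 1 ;;
        esac
        printf '%s\n' "$src" |
            grep -Eq "^($octet\.){3}$octet(/(3[0-2]|[12]?[0-9]))?\$" ||
            { echo "not IPv4 or CIDR: $src" >&2; return 1; }
    done

    echo '*filter'
    # Default-drop policy: SSH from any other address, pings (ICMP echo
    # requests) and all other unsolicited inbound traffic get no reply.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened itself.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Typical use (constructed addresses), as root:
#   ssh_allowlist_rules 192.0.2.10 198.51.100.0/24 | iptables-restore --test
```

Run the output through `iptables-restore --test` from a console session before loading it for real, since a wrong allow-list locks out remote SSH. The sshd setting that matches "never let root ssh in" is `PermitRootLogin no` in `sshd_config`.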
